Authentication toolkit component

In this SDK, all aspects of ArcGIS and network authentication have been encapsulated into a single ArcGIS Maps SDK for Kotlin toolkit component called the Authenticator. This component supports multiple types of authentication challenges, including ArcGIS authentication methods (OAuth, Identity-Aware Proxy (IAP), and ArcGIS token), Integrated Windows Authentication (IWA), and Client Certificate (PKI). It also provides default user interfaces for login prompts, certificate selection prompts, and server trust prompts. For example, here is the default alert prompting the user for username and password credentials:

The Authenticator composable is designed to be displayed on top of your app's UI. It should be called at near-root level; for example, at the same level as a NavHost or the Scaffold containing your map or scene view. The Authenticator should also be the last call of the function so it draws over other content. Username/password and server trust challenges are able to adapt to the size of the container, allowing flexible layout integration.

A toolkit composable named DialogAuthenticator provides the same functionality as Authenticator, but displays the username/password prompt and the server trust UI in a dialog.

All other authentication challenges—including OAuth, IAP, and client certificate prompts—are handled consistently across both composables, using the browser or Android certificate picker as appropriate.

The toolkit contains an essential related class named AuthenticatorState, which handles authentication challenges and exposes the state that the Authenticator (or DialogAuthenticator) displays to the end user. You create an AuthenticatorState instance by calling the AuthenticatorState() composable.

Using the Authenticator toolkit component

Call AuthenticatorState() to create an implementation of the AuthenticatorState interface. Then pass the authenticator state to the Authenticator composable, which should be invoked after MapView so that the login screen hides the map view by displaying on top of it.

Use dark colors for code blocks
@Composable
fun Screen() {

    val authenticatorState by remember { mutableStateOf(AuthenticatorState()) }



    authenticatorState.oAuthUserConfigurations = listOf(
        OAuthUserConfiguration(
            portalUrl = "https://www.arcgis.com",
            clientId = "Your client ID goes here",
            redirectUrl = "Your redirect URL goes here"
        )
    )

    val map = remember {
        createMap()
    }

    Scaffold {
        MapView(
            modifier = Modifier
                .fillMaxSize()
                .padding(it),
            arcGISMap = map
        )
    }

    DialogAuthenticator(authenticatorState = authenticatorState)

}

If the authenticator uses OAuth or Identity-Aware Proxy (IAP), you must specify the OAuthConfiguration or IapConfiguration, add it to a list, and assign the list to the corresponding property on AuthenticatorState.

Use dark colors for code blocks
    authenticatorState.oAuthUserConfigurations = listOf(
        OAuthUserConfiguration(
            portalUrl = "https://www.arcgis.com",  // or URL of your ArcGIS Enterprise or ArcGIS Location Platform portal.
            clientId = "Your client ID goes here",
            redirectUrl = "Your redirect URL goes here"
        )
    )

Use dark colors for code blocks
            val iapConfiguration =
                IapConfiguration.create("Your IAP configuration JSON file path goes here")
                    .getOrThrow()
            authenticatorState.iapConfigurations = listOf(iapConfiguration)

You can also create a credential store that persists between sessions. If the application is restarted, the credential store is automatically pre-populated with stored credentials, and the user does not have to sign in again. In this code, you assign the new credential store to ArcGISEnvironment.authenticatorManager.arcGISCredentialStore. Configuration set on the AuthenticationManager is used by Authenticator and DialogAuthenticator.

Use dark colors for code blocks
            ArcGISEnvironment.authenticationManager.arcGISCredentialStore =
                ArcGISCredentialStore.createWithPersistence().getOrThrow()

During application sign-out, all tokens should be revoked and all credentials cleared from the credentials store. AuthenticatorState.signOut() revokes the tokens and clears the credentials store.

Use dark colors for code blocks
            arcGISCredentialStore.getCredentials().forEach {
                when {
                    it is OAuthUserCredential -> {
                        it.revokeToken()
                    }

                    it is IapCredential -> {
                        it.invalidate { iapSignOut ->
                            promptForIapSignOut(iapSignOut)
                        }
                    }
                }
            }
            networkCredentialStore.removeAll()
            arcGISCredentialStore.removeAll()

To see the Authenticator in action, including the use of OAuth, check out the Authentication Microapp.